ir-23-238-001 (1)

Python Package Index (PyPI) packages have become a common way for threat actors to post malware that unsuspecting victims may download. The FortiGuard Labs team has been monitoring this attack vector for some time and, earlier this year, began posting a monthly update of the zero-day attacks we have discovered. Recently, FortiGuard introduced a new AI engine to our OSS supply chain attack hunting system. Researchers have discovered several new zero-day PyPI attacks using this AI engine assist